The unsavoury world of PC licences and Firefox exploits

It's nasty out there, kids

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Letters A quick rummage through the letters bag for the choicest morsels [sounds like a dog food advert - Ed] turned up one of your favourite topics: the television licence, and its future.

Those from outside the UK are often utterly baffled by the television licence: a piece of paper conferring upon the grateful subject the right to watch the goggle box. Here in Blighty, opinion on the subject is already deeply divided, so you can probably imagine the kind of reaction to government speculation that the long-term future of the licence could possibly involve a possible switch to a PC licence:

Makes sense. I don't pay the TV license because the aerial doesn't work. Instead, BitTorrent and the BBC On-Demand Player satisfies all my needs. Even had a TV license guy come in, I told him I download everything, and there's nothing he could say to that.

Living in guilt,



Wow, what a wonderful idea. The same state system that whines on about trendy concepts like 'digital divides' then goes on to suggest instead of taxing TVs, we'll tax PCs instead. Sounds like jobs for the boys following the analogue switch-off.

How's this for an idea - sack the bureaucrats who come up with this trash (this will probably save the same amount anyway), make Auntie self-financing by encrypting the TV channels and offering them out via digital service so that we, the consumer, can choose what we watch (Why should I pay for BBC 4 so a handful of high-brow types can watch opera/Why should high-brow opera types pay for knuckle-dragging content on BBC 3?).

Alternatively, the government could be honest, whack a penny on income tax and directly fund Auntie. After all, Geriatrics do so love their state pension.

Curtis, the foaming, gibbering mass, sitting in the corner with too much time on his hands.......

PC Tax

Several thoughts spring into my mind here, first what's a PC? A playstation? A Mac? A nokia Communicator? A SKY+ box?

Second why pick on PC's to fund the BBC, why not telephones or shoes?


A "PC Tax"? Heaven forbid!

"Unenforceable?" - when my phone and my PDA are in effect PC'S that can get the BBC - you bet!

Remember the "Window Tax" of 2 centuries ago? You can still see the bricked-up windows.

If I was Jessa Towel, I would be thinking along the following lines:

a VOLUNTARY TAX on ISP's, which networks run by BT would pay for immediately. In return for their payment, these ISP's will be able to offer their customers access to "state-provided" services, including of course the BBC, but also the other things you need to connect to the authorities for, such as taxes, the dole, driving license, voting, school meals preferences, planning permission, hip surgery..............

ISP's who didn't pay up would still be able to provide a "second-class" service for the brickers-up.


Some of you took issue with the results of an RSA Security survey which found London's Wi-Fi networks are unsecured and vulnerable to attack:

In regard to your recent publication on the survey claiming a percentage of Wireless networks in the London area are not secure, I believe this to be a tremendously flawed number.

For you see, you cannot easily find out if a network is not secure.

Most would say, you could war drive around for a few hours with an Omni antenna mounted on the roof of your car, scan for networks and then assume that all of the Networks you find running without WEP or WPA and the like are open to attack.

Well no, this is not the case,

For example,

1. I know for a fact that there are a number of "honeypots" running that are open for the simple reason of wanting to be attacked, these are used for research purposes by individuals and companies.

2. Public wifi networks, such as the meshhopper style cannot use encryption, otherwise how would you get onto the Network in the first place to pay.

3. A number of companies use a combination of an open wireless networks and a VPN solution with RSA keys or SSH tunnels which is perfectly fine anyway since the all your traffic is sent over a secure tunnel even if your network is insecure.

Now to probe each network and find out what each setup entails would take an inordinate amount of time (believe me, i've done it, and even scripting the whole thing using tools such and kismet and ettercap, its still a lengthy process).

So this can only lead me to the conclusion that their statistics are incorrect, as in my tests I found presuming encryption on/off and an Access point name of "any" meant secure/insecure was wrong.

P.S. At home I use a PoE Wireless Access point (mounted on the roof) as a client (No WEP) running on CAT 5 to another access point inside the house running a second wireless network with, again, no WEP. The reason I do this is because the Wireless is provided for free from the County Council and I don't mind letting the neighbours using it.

Am I concerned about my information being sent securely ? I use a VPN Tunnel to a Co-Located machine and it would simply be easier to break into my house and rob the machine.

Regards, Keith

Next up we have the rather unpalatable news that the hacking community does not regard Mozilla/Firefox as sacrosanct and has written a nasty piece of code designed to get spyware and adware onto the machines of users running non-IE browsers:

How can you describe this as a security weakness in Firefox and other browsers when the user has to click to give permission for the install? If you actually read the dialog box the security certificate is invalid and was issued by a company that is not trusted.

How do you suggest that Firefox and other browsers should deal with this ? simply prevent installation of java at all times.

Any system can be compromised by user stupidity if you are prepared to download and execute software from unknown and untrusted sources then I don't know why you expect your browser to protect you !


"exploiting the vulnerabilities that exist in any complex browser"

Should this be a call to return to simple browsers ? Ones that do not integrate Java and ActiveX ? After all, there is no information on the web that calls for anything else than HTML, all the rest is just icing on top, icing that is real good at attracting flies (and worse). If Flash can be lumped into the "complex" category, and I've got a strong hunch it can, then I'm all for it. Long live pure HTML !


Well, sounds like we should all just go back about 15 years and start using lynx again.

Wouldn't hurt the quality of the web either - imagine banning frontpage and dreamweaver and all those other tools that generate massively bloated HTML and requiring web designers to write robust, clean HTML...

Ah.. the good old days...


Yawn. So there's yet another "if the user clicks the button, they're infected" exploit. Why is this news? We already know users are idiots.

Next week in The Register: "Shocking New Evidence Proves Water is Wet!"


Get your facts straight, learn about computers and make sure your mouth (in your case your ass) is connected to your brain before commenting on something you obviously know nothing about.


A direct brain-to-donkey connection, eh? Intriguing... We'll be back on Friday with an update from Muffin the Mule. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Facebook's Zuckerberg in EBOLA VIRUS FIGHT: Billionaire battles bug
US Centers for Disease Control and Prevention contacted as site supremo coughs up
Space exploration is just so lame. NEW APPS are mankind's future
We feel obliged to point out the headline statement is total, utter cobblers
FedEx helps deliver THOUSANDS of spam messages DIRECT to its Blighty customers
Don't worry Wilson, I'll do all the paddling. You just hang on
Down-under record: Australian gets $140k for pussy
'Tiffany' closes deal - 'it's more common to offer your wife', says agent
Internet finally ready to replace answering machine cassette tape
It's a simple message and I'm leaving out the whistles and bells
The iPAD launch BEFORE it happened: SPECULATIVE GUFF ahead of actual event
Nerve-shattering run-up to the pre-planned known event
Win a year’s supply of chocolate (no tech knowledge required)
Over £200 worth of the good stuff up for grabs
STONER SHEEP get the MUNCHIES after feasting on £4k worth of cannabis plants
Baaaaaa! Fanny's Farm's woolly flock is high, maaaaaan
Boffins who stare at goats: I do believe they’re SHRINKING
Alpine chamois being squashed by global warming
Swiss wildlife park serves up furry residents to visitors
'It's ecological' says spokesman, now how would you like your Bambi done?
prev story


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.